Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

Vulnrichment
Vulnrichmentadded 2024/04/12 9:4 p.m.8 views

CVE-2024-29022 Session Hijacking via XSS attack in header and session grid in Xibo CMS

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script int...

8.8CVSS6.5AI score0.00115EPSS
Exploits0References4
CVE
CVEadded 2024/04/12 9:0 p.m.78 views

CVE-2024-29023

CVE-2024-29023 affects Xibo CMS: session tokens are exposed in the session-search API response, enabling potential session hijacking when users have access to the sessions page. Affected software is Xibo: upgrades are recommended to close the issue. Remediation per sources: Upgrade to Xibo 3.3.10...

7.2CVSS6.8AI score0.00109EPSS
Exploits0References6
Rows per page
Query Builder